Pests of all kinds and their removal: Constantly new Setup.exe in the Temp folder (Windows 7)

22.12.2013, 23:22 | #1
Constantly new Setup.exe in the Temp folder

Hello everyone,

For a few days now I have repeatedly had a strange Setup.exe in my Temp folder. Out of nowhere, each time the prompt comes up asking whether I want to allow the installation or not. Of course I always click No. I have already run CCleaner and Spybot several times. It doesn't help, though. The last time, the Setup.exe appeared on my laptop immediately after I had run CCleaner and Spybot. As described in the instructions, I ran all the scans and post them here as follows:

defogger_disable.log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:34 on 22/12/2013 (max)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

---------------------------------

Addition.txt (FRST Additions logfile):
FRST.txt (FRST logfile):
BHO-x32: Websteroids - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730 FF NewTab: www.google.de FF DefaultSearchEngine: Ask Search FF SearchEngineOrder.1: Ask Search FF SelectedSearchEngine: Ask Search FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\searchplugins\ask-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: vis - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM FF Extension: Live Gold - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\livegold@dotcreation FF Extension: Websteroids - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\support@websteroidsapp.com FF Extension: DownloadHelper - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: Exif Viewer - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\exif_viewer@mozilla.doslash.org.xpi FF Extension: Ask Toolbar - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\toolbar_ORJ-V7@apn.ask.com.xpi FF Extension: NoScript - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: Adblock Plus - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: BetterPrivacy - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi FF Extension: DownThemAll! 
- C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF Extension: Menu Editor - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF HKCU\...\Firefox\Extensions: [lwoofer@lyricswoofer.co] - C:\Program Files (x86)\LyricsWoofer\122.xpi FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com/" CHR DefaultSearchKeyword: google.de CHR DefaultSearchProvider: Google CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR Extension: (Google Docs) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\max\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (VIS) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab CHR Extension: () - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0 CHR Extension: (Speed Test Analysis) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.5_0 CHR Extension: (Google Wallet) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Gmail) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [jnikkfemnfogahcandhlchoengjbeaij] - C:\Program Files (x86)\LyricsWoofer\122.crx CHR HKLM-x32\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\max\AppData\Roaming\SpeedTestAnalysis\speedtestanalysis.crx CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-10] (APN LLC.) R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-13] (AVAST Software) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) 
==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-12-13] (AVAST Software) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-12-13] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-13] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-13] () R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-12-13] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-12-13] (AVAST Software) R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-12-13] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-13] () S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [116264 2008-05-27] (MCCI Corporation) S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-05-27] (MCCI Corporation) S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [159784 2008-05-27] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [138792 2008-05-27] (MCCI Corporation) S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-05-27] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [137768 2008-05-27] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [153128 2008-05-27] (MCCI Corporation) R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] () R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-22 22:36 - 2013-12-22 22:37 - 00022702 ____C C:\Users\max\Downloads\FRST.txt 2013-12-22 22:36 - 2013-12-22 22:36 - 00000000 ___DC C:\FRST 2013-12-22 22:35 - 2013-12-22 22:35 - 01928280 ____C (Farbar) 
C:\Users\max\Downloads\FRST64.exe 2013-12-22 22:34 - 2013-12-22 22:34 - 00000468 ____C C:\Users\max\Downloads\defogger_disable.log 2013-12-22 22:34 - 2013-12-22 22:34 - 00000000 ____C C:\Users\max\defogger_reenable 2013-12-22 22:33 - 2013-12-22 22:33 - 00050477 ____C C:\Users\max\Downloads\Defogger.exe 2013-12-22 16:16 - 2013-12-22 16:16 - 04379048 ____C (Piriform Ltd) C:\Users\max\Downloads\ccsetup407.exe 2013-12-22 10:05 - 2013-12-22 10:05 - 00000000 __RDC C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2013-12-20 14:17 - 2013-12-20 14:18 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox 2013-12-18 21:22 - 2013-12-18 21:22 - 00000664 ____C C:\Users\max\Desktop\Filme_Michael_Caine.txt 2013-12-15 13:03 - 2013-12-15 13:03 - 00368343 ____C C:\Users\max\AppData\Local\recently-used.xbel 2013-12-14 08:53 - 2013-12-14 08:53 - 00000000 ___DC C:\Users\max\AppData\Roaming\AVAST Software 2013-12-13 21:10 - 2013-12-13 21:10 - 00000000 ___DC C:\ProgramData\AVAST Software 2013-12-11 20:11 - 2013-12-11 20:11 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll 2013-12-11 20:11 - 2013-12-11 20:11 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL 2013-12-11 20:11 - 2013-12-11 20:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL 2013-12-11 20:11 - 2013-12-11 20:11 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 
2013-12-11 20:09 - 2013-12-11 20:09 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-12-11 20:09 - 2013-12-11 20:09 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-12-11 20:09 - 2013-12-11 20:09 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2013-12-11 20:09 - 2013-12-11 20:09 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-12-11 20:09 - 2013-12-11 
20:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-12-11 20:09 - 2013-12-11 20:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2013-12-11 20:09 - 2013-12-11 20:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2013-12-11 18:51 - 2013-12-12 08:12 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird 2013-12-11 08:21 - 2013-12-11 08:21 - 00000000 ___DC C:\Users\max\Documents\PC Speed Maximizer 2013-12-11 08:16 - 2013-12-11 08:16 - 00002768 ____C C:\windows\System32\Tasks\CCleanerSkipUAC 2013-12-11 08:16 - 2013-12-11 08:16 - 00000827 ____C C:\Users\Public\Desktop\CCleaner.lnk 2013-12-11 08:16 - 2013-12-11 08:16 - 00000000 ___DC C:\Program Files\CCleaner 2013-12-11 08:15 - 2013-12-11 08:15 - 00000000 ___DC C:\ProgramData\Websteroids 2013-12-11 08:15 - 2013-12-11 08:15 - 00000000 ___DC C:\ProgramData\Updater 2013-12-11 08:15 - 2013-12-11 08:15 - 00000000 ___DC C:\ProgramData\RHelpers 2013-12-11 08:13 - 2013-12-11 08:13 - 01080504 ____C (Conduit) C:\Users\max\Downloads\CCleaner_TSV426SC.exe 2013-12-11 08:04 - 2013-12-11 20:10 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-12-11 08:04 - 2013-12-11 20:10 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll 2013-12-11 08:04 - 2013-12-11 20:10 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll 2013-12-11 
08:04 - 2013-12-11 20:10 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll 2013-12-11 08:04 - 2013-12-11 20:10 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll 2013-12-11 08:04 - 2013-12-11 20:09 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll 2013-12-11 08:04 - 2013-12-11 20:09 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll 2013-12-11 08:04 - 2013-12-11 20:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2013-12-11 08:04 - 2013-12-11 20:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2013-12-11 08:04 - 2013-12-11 20:08 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll 2013-12-11 08:04 - 2013-12-11 20:08 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe 2013-12-11 08:04 - 2013-12-11 20:08 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll 2013-12-11 08:04 - 2013-12-11 20:08 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe 2013-12-11 08:04 - 2013-12-11 20:08 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx 2013-12-11 08:04 - 2013-12-11 20:08 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe 2013-12-11 08:04 - 2013-12-11 20:08 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe 2013-12-11 08:04 - 2013-12-11 20:08 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx 2013-12-11 08:04 - 2013-10-04 03:16 - 00116736 ____C (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys 2013-12-11 08:04 - 2013-10-04 02:36 - 00230400 ____C (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys 2013-12-10 21:33 - 2013-12-10 21:33 - 09272200 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe ==================== One Month Modified Files and Folders ======= 2013-12-22 22:37 - 2013-12-22 22:36 - 00022702 ____C 
C:\Users\max\Downloads\FRST.txt 2013-12-22 22:36 - 2013-12-22 22:36 - 00000000 ___DC C:\FRST 2013-12-22 22:35 - 2013-12-22 22:35 - 01928280 ____C (Farbar) C:\Users\max\Downloads\FRST64.exe 2013-12-22 22:34 - 2013-12-22 22:34 - 00000468 ____C C:\Users\max\Downloads\defogger_disable.log 2013-12-22 22:34 - 2013-12-22 22:34 - 00000000 ____C C:\Users\max\defogger_reenable 2013-12-22 22:34 - 2010-04-06 09:07 - 00000000 ___DC C:\Users\max 2013-12-22 22:33 - 2013-12-22 22:33 - 00050477 ____C C:\Users\max\Downloads\Defogger.exe 2013-12-22 22:33 - 2012-04-15 06:51 - 00000884 ____C C:\windows\Tasks\Adobe Flash Player Updater.job 2013-12-22 22:16 - 2010-02-10 00:33 - 00654400 ____C C:\windows\system32\perfh007.dat 2013-12-22 22:16 - 2010-02-10 00:33 - 00130240 ____C C:\windows\system32\perfc007.dat 2013-12-22 22:16 - 2009-07-14 06:13 - 01498742 ____C C:\windows\system32\PerfStringBackup.INI 2013-12-22 21:57 - 2011-07-23 15:05 - 00001104 ____C C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-22 21:30 - 2010-02-09 06:58 - 01709460 ____C C:\windows\WindowsUpdate.log 2013-12-22 20:57 - 2011-07-23 15:05 - 00001100 ____C C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-22 18:21 - 2013-09-28 09:15 - 00000000 ___DC C:\Users\max\AppData\Roaming\vlc 2013-12-22 16:16 - 2013-12-22 16:16 - 04379048 ____C (Piriform Ltd) C:\Users\max\Downloads\ccsetup407.exe 2013-12-22 10:13 - 2009-07-14 05:45 - 00013936 ___HC C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-22 10:13 - 2009-07-14 05:45 - 00013936 ___HC C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-22 10:06 - 2012-07-10 13:58 - 00004184 ____C C:\windows\System32\Tasks\avast! 
Emergency Update 2013-12-22 10:05 - 2013-12-22 10:05 - 00000000 __RDC C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2013-12-22 10:03 - 2009-07-14 06:08 - 00000006 ___HC C:\windows\Tasks\SA.DAT 2013-12-21 09:19 - 2012-04-26 06:39 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-20 14:18 - 2013-12-20 14:17 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox 2013-12-19 22:08 - 2013-09-23 08:34 - 00000700 ____C C:\Users\max\Desktop\Film-Tips.txt 2013-12-18 21:22 - 2013-12-18 21:22 - 00000664 ____C C:\Users\max\Desktop\Filme_Michael_Caine.txt 2013-12-15 19:23 - 2013-08-01 21:03 - 00000000 ___DC C:\windows\system32\MRT 2013-12-15 19:22 - 2010-04-10 07:27 - 90708896 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-12-15 16:52 - 2013-06-19 12:32 - 00000000 ___DC C:\Users\max\.gimp-2.8 2013-12-15 13:03 - 2013-12-15 13:03 - 00368343 ____C C:\Users\max\AppData\Local\recently-used.xbel 2013-12-14 08:53 - 2013-12-14 08:53 - 00000000 ___DC C:\Users\max\AppData\Roaming\AVAST Software 2013-12-13 21:11 - 2013-03-19 16:22 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys 2013-12-13 21:11 - 2013-03-19 16:22 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys 2013-12-13 21:11 - 2012-02-26 13:20 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2013-12-13 21:11 - 2011-05-27 09:09 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2013-12-13 21:11 - 2011-01-21 12:45 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2013-12-13 21:11 - 2011-01-21 12:45 - 00043152 ____C (AVAST Software) C:\windows\avastSS.scr 2013-12-13 21:11 - 2010-04-22 05:41 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2013-12-13 21:11 - 2010-04-22 05:41 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2013-12-13 21:11 - 2010-04-22 05:41 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys 
2013-12-13 21:11 - 2010-04-22 05:41 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys 2013-12-13 21:11 - 2010-04-22 05:41 - 00001982 ____C C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-12-13 21:10 - 2013-12-13 21:10 - 00000000 ___DC C:\ProgramData\AVAST Software 2013-12-13 21:10 - 2010-04-22 05:41 - 00000000 ____C C:\windows\SysWOW64\config.nt 2013-12-12 08:12 - 2013-12-11 18:51 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird 2013-12-12 08:01 - 2009-07-14 06:09 - 00000000 ____D C:\windows\System32\Tasks\WPD 2013-12-12 07:59 - 2009-07-14 05:45 - 00486968 ____C C:\windows\system32\FNTCACHE.DAT 2013-12-11 20:11 - 2013-12-11 20:11 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll 2013-12-11 20:11 - 2013-12-11 20:11 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL 2013-12-11 20:11 - 2013-12-11 20:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL 2013-12-11 20:11 - 2013-12-11 20:11 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll 2013-12-11 20:10 - 2013-12-11 08:04 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-12-11 20:10 - 2013-12-11 08:04 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll 2013-12-11 20:10 - 2013-12-11 08:04 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll 2013-12-11 20:10 - 2013-12-11 08:04 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll 2013-12-11 20:10 - 2013-12-11 08:04 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll 2013-12-11 20:10 - 2010-04-06 09:15 - 00000000 ___DC C:\ProgramData\Microsoft Help 2013-12-11 20:09 - 2013-12-11 20:09 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 12996608 _____ (Microsoft Corporation) 
C:\windows\system32\ieframe.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-12-11 20:09 - 2013-12-11 20:09 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-12-11 20:09 - 2013-12-11 20:09 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2013-12-11 20:09 - 2013-12-11 20:09 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00553472 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\jscript9diag.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-12-11 20:09 - 2013-12-11 20:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-12-11 20:09 - 2013-12-11 20:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2013-12-11 20:09 - 2013-12-11 20:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-12-11 20:09 - 2013-12-11 20:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2013-12-11 20:09 - 2013-12-11 08:04 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll 2013-12-11 20:09 - 2013-12-11 08:04 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll 2013-12-11 20:09 - 2013-12-11 08:04 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2013-12-11 20:09 - 2013-12-11 08:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2013-12-11 20:08 - 2013-12-11 08:04 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll 2013-12-11 20:08 - 2013-12-11 08:04 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe 2013-12-11 20:08 - 2013-12-11 08:04 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll 2013-12-11 20:08 - 2013-12-11 08:04 - 00156160 _____ (Microsoft Corporation) 
C:\windows\system32\cscript.exe 2013-12-11 20:08 - 2013-12-11 08:04 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx 2013-12-11 20:08 - 2013-12-11 08:04 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe 2013-12-11 20:08 - 2013-12-11 08:04 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe 2013-12-11 20:08 - 2013-12-11 08:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx 2013-12-11 10:00 - 2013-10-25 05:43 - 00001716 ____C C:\Users\max\Desktop\Oberstdorf-Reisetips.txt 2013-12-11 08:21 - 2013-12-11 08:21 - 00000000 ___DC C:\Users\max\Documents\PC Speed Maximizer 2013-12-11 08:16 - 2013-12-11 08:16 - 00002768 ____C C:\windows\System32\Tasks\CCleanerSkipUAC 2013-12-11 08:16 - 2013-12-11 08:16 - 00000827 ____C C:\Users\Public\Desktop\CCleaner.lnk 2013-12-11 08:16 - 2013-12-11 08:16 - 00000000 ___DC C:\Program Files\CCleaner 2013-12-11 08:15 - 2013-12-11 08:15 - 00000000 ___DC C:\ProgramData\Websteroids 2013-12-11 08:15 - 2013-12-11 08:15 - 00000000 ___DC C:\ProgramData\Updater 2013-12-11 08:15 - 2013-12-11 08:15 - 00000000 ___DC C:\ProgramData\RHelpers 2013-12-11 08:13 - 2013-12-11 08:13 - 01080504 ____C (Conduit) C:\Users\max\Downloads\CCleaner_TSV426SC.exe 2013-12-10 21:33 - 2013-12-10 21:33 - 09272200 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2013-12-10 21:33 - 2012-04-15 06:51 - 00692616 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-12-10 21:33 - 2012-04-15 06:51 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-12-10 21:33 - 2011-10-07 17:41 - 00071048 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-09 20:02 - 2013-10-22 08:13 - 00002831 ____C C:\Users\max\Desktop\Fahrplan-Romantische_Schiene_EM_Noerdlingen.txt 2013-12-02 20:52 - 2011-07-23 15:05 - 00004100 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-02 20:52 - 2011-07-23 
15:05 - 00003848 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-11-23 18:28 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache 2013-11-23 09:13 - 2013-03-16 19:51 - 00000000 ___DC C:\Users\max\Documents\Movie Studio Platinum 12.0 Projekte 2013-11-22 07:58 - 2010-04-14 07:51 - 00000000 ___DC C:\windows\Minidump 2013-11-22 07:58 - 2009-08-02 03:27 - 00000000 ___DC C:\windows\Panther ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-10 21:49 ==================== End Of Log ============================ --- --- --- --- --- --- |
22.12.2013, 23:23 | #2 |
| New Setup.exe keeps appearing in the Temp folder gmer.log :
GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-12-22 23:02:13 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\max\AppData\Local\Temp\kftdypow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003beb000 63 bytes [00, 00, 7F, 00, 4E, 62, 31, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80003beb040 12 bytes [10, F0, 66, 08, 80, FA, FF, ...] ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\wininit.exe[616] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\system32\services.exe[688] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\system32\lsass.exe[696] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\system32\svchost.exe[828] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\system32\winlogon.exe[872] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\system32\nvvsvc.exe[940] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\System32\svchost.exe[316] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\System32\svchost.exe[500] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\system32\svchost.exe[540] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\system32\svchost.exe[572] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 
000000007736eecd 1 byte [62] .text C:\windows\system32\nvvsvc.exe[1284] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\Explorer.EXE[1568] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\System32\spoolsv.exe[1652] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\system32\svchost.exe[1680] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\system32\taskhost.exe[1800] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1136] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1436] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1616] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\SysWOW64\Rezip.exe[1996] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2064] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2064] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2064] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75] .text ... 
* 2 .text C:\windows\system32\svchost.exe[2328] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe[2352] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\windows\System32\svchost.exe[2408] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2432] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\system32\wbem\wmiprvse.exe[2924] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2812] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[1120] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\windows\system32\SearchIndexer.exe[1896] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\windows\system32\svchost.exe[3256] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3832] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3892] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3808] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\ProgramData\Updater\updater.exe[3740] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\ProgramData\Updater\updater.exe[3740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75] .text 
C:\ProgramData\Updater\updater.exe[3740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75] .text ... * 2 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2568] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe[3944] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2232] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe[2596] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1228] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[4108] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4280] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4280] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4280] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75] .text ... 
* 2 .text C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe[4292] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4336] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4408] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4408] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4408] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75] .text ... * 2 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4420] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4544] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe[4564] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\ProgramData\RHelpers\IEHelper\IeHelper.exe[4596] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4692] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5040] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075da1465 2 bytes [DA, 75] .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5040] 
C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075da14bb 2 bytes [DA, 75] .text ... * 2 .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[5100] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe[5060] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] .text C:\windows\system32\notepad.exe[21888] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007736eecd 1 byte [62] .text C:\Users\max\Downloads\gmer_2.1.19163.exe[23208] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754fa2ba 1 byte [62] ---- Services - GMER 2.1 ---- Service C:\windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswRdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!! Service C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!! 
---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description Avast! Mini-filter Driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath \??\C:\windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \??\C:\windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 16 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 280684 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition4\windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@ Commited Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@CreationTime 0xEA 0x10 0xDE 0x05 ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@SetupOperations MoveFile("\??\c:\program files\alwil software\avast5\setup\instup.dll.1387292117","\??\c:\program files\alwil software\avast5\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\alwil software\avast5\setup\instup.dll.sum.1387292117","\??\c:\program files\alwil software\avast5\setup\instup.dll.sum",TRUE)? 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@StartBootCounter 10 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@StartTickCounter 128575 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387292117@LastPackageError -1073741766 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath \??\C:\windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\Alwil Software\Avast5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\Alwil Software\Avast5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath \??\C:\windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\Alwil Software\Avast5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\Alwil Software\Avast5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 11 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath \??\C:\windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! 
VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert die avast! Antivirus Dienste auf diesem Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus Container sowie die Zeitplan. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe37fbac Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description Avast! Mini-filter Driver Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ImagePath \??\C:\windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? 
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \??\C:\windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 16 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 280684 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition4\windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@ Commited Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@CreationTime 0xEA 0x10 0xDE 0x05 ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@SetupOperations MoveFile("\??\c:\program files\alwil software\avast5\setup\instup.dll.1387292117","\??\c:\program files\alwil software\avast5\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\alwil software\avast5\setup\instup.dll.sum.1387292117","\??\c:\program files\alwil software\avast5\setup\instup.dll.sum",TRUE)? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@StartBootCounter 10 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@StartTickCounter 128575 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387292117@LastPackageError -1073741766 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! 
virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ImagePath \??\C:\windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\Alwil Software\Avast5 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\Alwil Software\Avast5 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ImagePath \??\C:\windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\Alwil Software\Avast5 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\Alwil Software\Avast5 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 11 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ImagePath \??\C:\windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! 
Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert die avast! Antivirus Dienste auf diesem Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus Container sowie die Zeitplan. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b482fe37fbac (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
24.12.2013, 12:01 | #3 | |
/// the machine /// TB-Ausbilder | new Setup.exe keeps appearing in Temp folder hi,
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the restart Quote:
25.12.2013, 17:45 | #4 |
| new Setup.exe keeps appearing in Temp folder Thanks for your reply, Schrauber! I ran Combofix, here is the log file: Combofix Logfile: Code:
ATTFilter ComboFix 13-12-24.02 - max 25.12.2013 17:23:58.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3950.2328 [GMT 1:00] ausgeführt von:: c:\users\max\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\max\AppData\Local\lame_enc.dll c:\users\max\AppData\Local\no23xwrapper.dll c:\users\max\AppData\Local\ogg.dll c:\users\max\AppData\Local\vorbisenc.dll c:\users\max\AppData\Local\vorbisfile.dll c:\windows\IsUn0407.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-11-25 bis 2013-12-25 )))))))))))))))))))))))))))))) . . 2013-12-25 16:30 . 2013-12-25 16:30 -------- dc----w- c:\users\Default\AppData\Local\temp 2013-12-25 15:51 . 2013-12-25 15:51 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F6D0A34-EE6B-41F1-8ECE-25F3D2C00417}\offreg.dll 2013-12-24 09:29 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F6D0A34-EE6B-41F1-8ECE-25F3D2C00417}\mpengine.dll 2013-12-22 21:36 . 2013-12-22 21:36 -------- dc----w- C:\FRST 2013-12-14 07:53 . 2013-12-14 07:53 -------- dc----w- c:\users\max\AppData\Roaming\AVAST Software 2013-12-13 20:10 . 2013-12-13 20:10 -------- dc----w- c:\programdata\AVAST Software 2013-12-11 19:11 . 2013-12-11 19:11 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2013-12-11 19:11 . 2013-12-11 19:11 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe 2013-12-11 19:11 . 2013-12-11 19:11 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2013-12-11 19:11 . 
2013-12-11 19:11 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL 2013-12-11 19:11 . 2013-12-11 19:11 14631424 ----a-w- c:\windows\system32\wmp.dll 2013-12-11 17:51 . 2013-12-12 07:12 -------- dc----w- c:\program files (x86)\Mozilla Thunderbird 2013-12-11 07:16 . 2013-12-11 07:16 -------- dc----w- c:\program files\CCleaner 2013-12-11 07:15 . 2013-12-11 07:15 -------- dc----w- c:\programdata\Updater 2013-12-11 07:15 . 2013-12-11 07:15 -------- dc----w- c:\programdata\RHelpers 2013-12-11 07:15 . 2013-12-11 07:15 -------- dc----w- c:\programdata\Websteroids 2013-12-10 20:33 . 2013-12-10 20:33 9272200 -c--a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-12-15 18:22 . 2010-04-10 06:27 90708896 -c--a-w- c:\windows\system32\MRT.exe 2013-12-13 20:11 . 2013-03-19 15:22 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-12-13 20:11 . 2013-03-19 15:22 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-12-13 20:11 . 2012-02-26 12:20 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-12-13 20:11 . 2011-05-27 08:09 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-12-13 20:11 . 2011-01-21 11:45 334648 ----a-w- c:\windows\system32\aswBoot.exe 2013-12-13 20:11 . 2010-04-22 04:41 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-12-13 20:11 . 2010-04-22 04:41 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-12-13 20:11 . 2010-04-22 04:41 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-12-13 20:11 . 2010-04-22 04:41 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-12-13 20:11 . 2011-01-21 11:45 43152 -c--a-w- c:\windows\avastSS.scr 2013-12-10 20:33 . 2012-04-15 05:51 692616 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-12-10 20:33 . 2011-10-07 16:41 71048 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-11-20 20:58 . 
2013-11-20 20:58 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-11-20 20:58 . 2013-11-20 20:58 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-11-20 20:58 . 2013-11-20 20:58 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-11-20 20:58 . 2013-11-20 20:58 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2013-11-20 20:58 . 2013-11-20 20:58 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-11-20 20:58 . 2013-11-20 20:58 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2013-11-20 20:58 . 2013-11-20 20:58 337408 ----a-w- c:\windows\SysWow64\html.iec 2013-11-20 20:58 . 2013-11-20 20:58 235008 ----a-w- c:\windows\system32\elshyph.dll 2013-11-20 20:58 . 2013-11-20 20:58 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2013-11-20 20:58 . 2013-11-20 20:58 942592 ----a-w- c:\windows\system32\jsIntl.dll 2013-11-20 20:58 . 2013-11-20 20:58 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-11-20 20:58 . 2013-11-20 20:58 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-11-20 20:58 . 2013-11-20 20:58 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-11-20 20:58 . 2013-11-20 20:58 84992 ----a-w- c:\windows\system32\mshtmled.dll 2013-11-20 20:58 . 2013-11-20 20:58 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2013-11-20 20:58 . 2013-11-20 20:58 81408 ----a-w- c:\windows\system32\icardie.dll 2013-11-20 20:58 . 2013-11-20 20:58 774144 ----a-w- c:\windows\system32\jscript.dll 2013-11-20 20:58 . 2013-11-20 20:58 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-11-20 20:58 . 2013-11-20 20:58 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-11-20 20:58 . 2013-11-20 20:58 626176 ----a-w- c:\windows\system32\msfeeds.dll 2013-11-20 20:58 . 2013-11-20 20:58 62464 ----a-w- c:\windows\system32\pngfilt.dll 2013-11-20 20:58 . 2013-11-20 20:58 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2013-11-20 20:58 . 2013-11-20 20:58 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-11-20 20:58 . 
2013-11-20 20:58 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2013-11-20 20:58 . 2013-11-20 20:58 548352 ----a-w- c:\windows\system32\vbscript.dll 2013-11-20 20:58 . 2013-11-20 20:58 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-11-20 20:58 . 2013-11-20 20:58 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2013-11-20 20:58 . 2013-11-20 20:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-11-20 20:58 . 2013-11-20 20:58 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-11-20 20:58 . 2013-11-20 20:58 48128 ----a-w- c:\windows\system32\imgutil.dll 2013-11-20 20:58 . 2013-11-20 20:58 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-11-20 20:58 . 2013-11-20 20:58 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2013-11-20 20:58 . 2013-11-20 20:58 413696 ----a-w- c:\windows\system32\html.iec 2013-11-20 20:58 . 2013-11-20 20:58 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2013-11-20 20:58 . 2013-11-20 20:58 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-11-20 20:58 . 2013-11-20 20:58 30208 ----a-w- c:\windows\system32\licmgr10.dll 2013-11-20 20:58 . 2013-11-20 20:58 296960 ----a-w- c:\windows\system32\dxtrans.dll 2013-11-20 20:58 . 2013-11-20 20:58 263376 ----a-w- c:\windows\system32\iedkcs32.dll 2013-11-20 20:58 . 2013-11-20 20:58 247808 ----a-w- c:\windows\system32\msls31.dll 2013-11-20 20:58 . 2013-11-20 20:58 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-11-20 20:58 . 2013-11-20 20:58 243200 ----a-w- c:\windows\system32\webcheck.dll 2013-11-20 20:58 . 2013-11-20 20:58 235520 ----a-w- c:\windows\system32\url.dll 2013-11-20 20:58 . 2013-11-20 20:58 195584 ----a-w- c:\windows\system32\msrating.dll 2013-11-20 20:58 . 2013-11-20 20:58 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-11-20 20:58 . 2013-11-20 20:58 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-11-20 20:58 . 2013-11-20 20:58 147968 ----a-w- c:\windows\system32\occache.dll 2013-11-20 20:58 . 
2013-11-20 20:58 143872 ----a-w- c:\windows\system32\wextract.exe 2013-11-20 20:58 . 2013-11-20 20:58 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2013-11-20 20:58 . 2013-11-20 20:58 13824 ----a-w- c:\windows\system32\mshta.exe 2013-11-20 20:58 . 2013-11-20 20:58 135680 ----a-w- c:\windows\system32\iepeers.dll 2013-11-20 20:58 . 2013-11-20 20:58 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2013-11-20 20:58 . 2013-11-20 20:58 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2013-11-20 20:58 . 2013-11-20 20:58 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-11-20 20:58 . 2013-11-20 20:58 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-11-20 20:58 . 2013-11-20 20:58 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-11-20 20:58 . 2013-11-20 20:58 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-11-20 20:58 . 2013-11-20 20:58 105984 ----a-w- c:\windows\system32\iesysprep.dll 2013-11-20 20:58 . 2013-11-20 20:58 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-11-20 20:58 . 2013-11-20 20:58 101376 ----a-w- c:\windows\system32\inseng.dll 2013-11-19 02:33 . 2010-04-23 09:09 267936 -c----w- c:\windows\system32\MpSigStub.exe 2013-11-13 08:46 . 2013-11-13 07:29 1474048 ----a-w- c:\windows\system32\crypt32.dll 2013-11-13 08:46 . 2013-11-13 07:29 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-11-13 08:45 . 2013-11-13 07:29 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2013-11-13 08:45 . 2013-11-13 07:29 197120 ----a-w- c:\windows\system32\credui.dll 2013-11-13 08:45 . 2013-11-13 07:29 1930752 ----a-w- c:\windows\system32\authui.dll 2013-11-13 08:45 . 2013-11-13 07:29 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll 2013-11-13 08:45 . 2013-11-13 07:29 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-11-13 08:45 . 2013-11-13 07:29 168960 ----a-w- c:\windows\SysWow64\credui.dll 2013-11-13 08:45 . 2013-11-13 07:29 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll 2013-11-13 08:45 . 
2013-11-13 07:28 340992 ----a-w- c:\windows\system32\schannel.dll 2013-11-13 08:45 . 2013-11-13 07:28 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2013-11-13 08:45 . 2013-11-13 07:28 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-11-13 08:45 . 2013-11-13 07:28 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-11-13 08:45 . 2013-11-13 07:28 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-11-13 08:45 . 2013-11-13 07:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-11-13 08:45 . 2013-11-13 07:28 1447936 ----a-w- c:\windows\system32\lsasrv.dll 2013-11-13 08:45 . 2013-11-13 07:28 135680 ----a-w- c:\windows\system32\sspicli.dll 2013-11-13 08:45 . 2013-11-13 07:28 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-11-13 08:45 . 2013-11-13 07:28 30720 ----a-w- c:\windows\system32\lsass.exe 2013-11-13 08:45 . 2013-11-13 07:28 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-11-13 08:45 . 2013-11-13 07:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-11-13 08:45 . 2013-11-13 07:28 28672 ----a-w- c:\windows\system32\sspisrv.dll 2013-11-13 08:45 . 2013-11-13 07:28 28160 ----a-w- c:\windows\system32\secur32.dll 2013-11-13 08:44 . 2013-11-13 07:28 404480 ----a-w- c:\windows\system32\gdi32.dll 2013-11-13 08:44 . 2013-11-13 07:28 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2013-11-13 08:43 . 2013-11-13 07:28 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-11-13 08:43 . 2013-11-13 07:28 830464 ----a-w- c:\windows\system32\nshwfp.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}] 2013-11-20 03:47 409464 -c--a-w- c:\programdata\Websteroids\IE\common.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032] "Updater"="c:\programdata\Updater\updater.exe" [2013-11-20 481656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504] "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216] "APLangApp"="c:\program files (x86)\AnyPC Client\APLangApp.exe" [2009-11-20 13312] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240] "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984] "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368] "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "SDTray"="c:\program files 
(x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-10 1804240] "20131121"="c:\program files\Alwil Software\Avast5\setup\emupdate\4c881f8e-9c6b-4fc0-a442-f3667a52b239.exe" [2013-11-23 180184] "Updater"="c:\programdata\Updater\Updater.exe" [2013-11-20 481656] "AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2013-12-13 3568312] . c:\users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 1082144] ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2013-5-1 69120] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x] R3 MotDev;Motorola Inc. 
USB Device;c:\windows\system32\DRIVERS\motodrv.sys;c:\windows\SYSNATIVE\DRIVERS\motodrv.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0017bus.sys [x] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mdfl.sys [x] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mdm.sys [x] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0017mgmt.sys [x] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0017nd5.sys [x] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0017obex.sys [x] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0017unic.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! 
VM Monitor; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x] S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x] S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-05 15:44 1210320 -c--a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 20:33] . 2013-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23 14:05] . 2013-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23 14:05] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-12-13 20:11 326944 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-07 16413288] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yd.delta-search.com/?babsrc=HP_ss&mntrId=601EF67BCB2384C6&affID=119357&tt=040713_rdrctful&tsp=4937 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\ FF - prefs.js: browser.search.selectedEngine - Ask Search FF - prefs.js: browser.startup.homepage - www.google.de FF - ExtSQL: 2013-11-13 09:08; {EDA7B1D7-F793-4e03-B074-E6F303317FB0}; c:\users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi FF - ExtSQL: 2013-11-14 08:30; EFGLQA@78ETGYN-0W7FN789T87.COM; c:\users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\extensions\EFGLQA@78ETGYN-0W7FN789T87.COM . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file) URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file) Toolbar-Locked - (no file) Notify-SDWinLogon - SDWinLogon.dll SafeBoot-MCODS HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-FileParade Bundle - c:\program files (x86)\sweetpacks bundle uninstaller\uninstaller.exe AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60 . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-12-25 17:32:48 ComboFix-quarantined-files.txt 2013-12-25 16:32 . Vor Suchlauf: 14 Verzeichnis(se), 39.184.080.896 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 38.961.197.056 Bytes frei . - - End Of File - - 63BE6F781C22A44EAF0E27329B233B26
I have just done a restart. There were no error messages. But right after booting up, the said Setup.exe was there again. |
26.12.2013, 14:35 | #5 |
/// the machine /// TB Trainer | new Setup.exe in Temp folder again and again Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
26.12.2013, 18:19 | #6 |
| new Setup.exe in Temp folder again and again Thanks for your instructions, schrauber! Here are the individual logfiles:
Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.26.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 max :: MAX-PC [Administrator] 26.12.2013 17:34:19 mbam-log-2013-12-26 (17-34-19).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 229384 Laufzeit: 4 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 18 HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892} (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916} (PUP.Optional.MixiDJToolbar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.SafeMonitor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.SafeMonitor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\PricePeep.DLL (PUP.Optional.PricePeep.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\babylontoolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0Z1N1J -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Daten: 6447 -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.yd.delta-search.com/?babsrc=HP_ss&mntrId=601EF67BCB2384C6&affID=119357&tt=040713_rdrctful&tsp=4937) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. 
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\max\Downloads\CCleaner_TSV426SC.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\max\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\max\AppData\Roaming\speedanalysis.ico (PUP.Optional.SpeedAnalysis2.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ------AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 26/12/2013 um 17:50:28 # Aktualisiert 23/12/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : max - MAX-PC # Gestartet von : C:\Users\max\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\ProgramData\NCH Software Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Program Files (x86)\NCH Software Ordner Gelöscht : C:\Program Files (x86)\softonic-de3 Ordner Gelöscht : C:\Users\max\AppData\Local\Conduit Ordner Gelöscht : C:\Users\max\AppData\Local\Temp\apn Ordner Gelöscht : C:\Users\max\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\max\AppData\LocalLow\softonic-de3 Ordner Gelöscht : C:\Users\max\AppData\LocalLow\Toolbar4 Ordner Gelöscht : C:\Users\max\AppData\Roaming\NCH Software Ordner Gelöscht : C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect Ordner Gelöscht : C:\Users\max\Documents\PC Speed Maximizer Datei Gelöscht : C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\searchplugins\ask-search.xml Datei Gelöscht : C:\windows\System32\Tasks\NCH Software ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Schlüssel Gelöscht : HKCU\Software\5d6df8ce53deb48 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader28007_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader28007_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_animation-shop_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_animation-shop_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_k-lite-codec-pack_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_k-lite-codec-pack_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_norton-removal-tool_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_norton-removal-tool_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_quicktime_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_quicktime_RASMANCS Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tor_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tor_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas-pro_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas-pro_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_videopad-video-editor_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_videopad-video-editor_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\NCH Software Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsWoofer Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\NCH Software Schlüssel Gelöscht : HKLM\Software\Wajam Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] -\\ Mozilla Firefox v26.0 (de) [ Datei : 
C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [16956 octets] - [26/12/2013 17:48:43] AdwCleaner[S0].txt - [15956 octets] - [26/12/2013 17:50:28] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16017 octets] ########## ------ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Windows 7 Home Premium x64 Ran by max on 26.12.2013 at 17:58:37,09 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1573390494-1178986999-3046489549-1000\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_1_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_1_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_1_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_1_RASMANCS ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\lwoofer@lyricswoofer.co Emptied folder: C:\Users\max\AppData\Roaming\mozilla\firefox\profiles\fo45zvps.default-1378284021730\minidumps [28 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 26.12.2013 at 18:05:37,55 End of JRT log 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013 Ran by max (administrator) on MAX-PC on 26-12-2013 18:10:16 Running from C:\Users\max\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe () C:\Windows\SysWOW64\Rezip.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-10] (Synaptics Incorporated) HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) 
HKLM-x32\...\Run: [UpdatePDRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) HKLM-x32\...\Run: [APLangApp] - C:\Program Files (x86)\AnyPC Client\APLangApp.exe [13312 2009-11-20] (DoctorSoft) HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [83240 2008-03-20] (Cyberlink Corp.) HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] () HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort11reminder] - C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [344 2011-07-23] () HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [20131121] - C:\Program Files\Alwil Software\Avast5\Setup\emupdate\4c881f8e-9c6b-4fc0-a442-f3667a52b239.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-13] (AVAST Software)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
Startup: C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
ShortcutTarget: OpenOffice.org 3.4.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - {4301F923-6526-4B7B-9074-BFFC22CC5836} URL = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {965CD262-60AA-4711-BCE6-2C3AC22DDA48} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730
FF NewTab: www.google.de
FF DefaultSearchEngine: Ask Search
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Ask Search
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Live Gold - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\livegold@dotcreation
FF Extension: DownloadHelper - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Exif Viewer - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\exif_viewer@mozilla.doslash.org.xpi
FF Extension: NoScript - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: BetterPrivacy - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: DownThemAll! - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: Menu Editor - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\fo45zvps.default-1378284021730\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Speed Test Analysis) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.5_0
CHR Extension: (Google Wallet) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jnikkfemnfogahcandhlchoengjbeaij] - C:\Program Files (x86)\LyricsWoofer\122.crx
CHR HKLM-x32\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\max\AppData\Roaming\SpeedTestAnalysis\speedtestanalysis.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-13] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-12-13] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-12-13] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-13] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-12-13] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-12-13] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-13] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [116264 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [159784 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [138792 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [137768 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [153128 2008-05-27] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-26 18:10 - 2013-12-26 18:10 - 00019066 ____C C:\Users\max\Downloads\FRST.txt
2013-12-26 18:10 - 2013-12-26 18:10 - 00000000 ___DC C:\Users\max\Downloads\FRST-OlderVersion
2013-12-26 18:05 - 2013-12-26 18:05 - 00001699 ____C C:\Users\max\Desktop\JRT.txt
2013-12-26 17:58 - 2013-12-26 17:58 - 00000000 ___DC C:\windows\ERUNT
2013-12-26 17:56 - 2013-12-26 17:56 - 01034531 ____C (Thisisu) C:\Users\max\Downloads\JRT.exe
2013-12-26 17:54 - 2013-12-26 17:54 - 00016286 ____C C:\Users\max\Desktop\AdwCleaner[S0].txt
2013-12-26 17:53 - 2013-12-26 17:53 - 00000000 __RDC C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-12-26 17:48 - 2013-12-26 17:50 - 00000000 ___DC C:\AdwCleaner
2013-12-26 17:47 - 2013-12-26 17:47 - 01233962 ____C C:\Users\max\Downloads\adwcleaner.exe
2013-12-26 17:42 - 2013-12-26 17:52 - 00000112 ____C C:\windows\setupact.log
2013-12-26 17:42 - 2013-12-26 17:42 - 00001504 ____C C:\windows\PFRO.log
2013-12-26 17:42 - 2013-12-26 17:42 - 00000000 ____C C:\windows\setuperr.log
2013-12-26 17:30 - 2013-12-26 17:30 - 00001118 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-26 17:30 - 2013-12-26 17:30 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 17:30 - 2013-04-04 14:50 - 00025928 ____C (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-12-26 17:28 - 2013-12-26 17:28 - 10285040 ____C (Malwarebytes Corporation ) C:\Users\max\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-26 17:26 - 2013-12-26 17:26 - 00021994 ____C C:\Users\max\Desktop\Anleitung-Scans.odt
2013-12-25 18:01 - 2013-09-04 13:12 - 00343040 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-12-25 18:01 - 2013-09-04 13:11 - 00325120 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-12-25 18:01 - 2013-09-04 13:11 - 00099840 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-12-25 18:01 - 2013-09-04 13:11 - 00052736 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-12-25 18:01 - 2013-09-04 13:11 - 00030720 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-12-25 18:01 - 2013-09-04 13:11 - 00025600 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-12-25 18:01 - 2013-09-04 13:11 - 00007808 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-12-25 17:32 - 2013-12-25 17:32 - 00030096 ____C C:\ComboFix.txt
2013-12-25 17:22 - 2013-12-25 17:32 - 00000000 ___DC C:\Qoobox
2013-12-25 17:22 - 2013-12-25 17:31 - 00000000 ___DC C:\windows\erdnt
2013-12-25 17:22 - 2011-06-26 07:45 - 00256000 ____C C:\windows\PEV.exe
2013-12-25 17:22 - 2010-11-07 18:20 - 00208896 ____C C:\windows\MBR.exe
2013-12-25 17:22 - 2009-04-20 05:56 - 00060416 ____C (NirSoft) C:\windows\NIRCMD.exe
2013-12-25 17:22 - 2000-08-31 01:00 - 00518144 ____C (SteelWerX) C:\windows\SWREG.exe
2013-12-25 17:22 - 2000-08-31 01:00 - 00406528 ____C (SteelWerX) C:\windows\SWSC.exe
2013-12-25 17:22 - 2000-08-31 01:00 - 00098816 ____C C:\windows\sed.exe
2013-12-25 17:22 - 2000-08-31 01:00 - 00080412 ____C C:\windows\grep.exe
2013-12-25 17:22 - 2000-08-31 01:00 - 00068096 ____C C:\windows\zip.exe
2013-12-25 17:18 - 2013-12-25 17:18 - 05158070 ___RC (Swearware) C:\Users\max\Downloads\ComboFix.exe
2013-12-25 17:12 - 2013-12-25 17:12 - 00368256 ____C (RegNow.com) C:\Users\max\Downloads\Download_MaxSDDMnew.exe
2013-12-25 16:57 - 2013-12-25 17:11 - 00030919 ____C C:\Users\max\Desktop\combofix-anleitung.odt
2013-12-22 22:41 - 2013-12-22 22:41 - 00377856 ____C C:\Users\max\Downloads\gmer_2.1.19163.exe
2013-12-22 22:36 - 2013-12-26 18:10 - 00000000 ___DC C:\FRST
2013-12-22 22:35 - 2013-12-26 18:10 - 01928716 ____C (Farbar) C:\Users\max\Downloads\FRST64.exe
2013-12-22 22:34 - 2013-12-22 22:34 - 00000000 ____C C:\Users\max\defogger_reenable
2013-12-22 22:33 - 2013-12-22 22:33 - 00050477 ____C C:\Users\max\Downloads\Defogger.exe
2013-12-22 16:16 - 2013-12-22 16:16 - 04379048 ____C (Piriform Ltd) C:\Users\max\Downloads\ccsetup407.exe
2013-12-20 14:17 - 2013-12-20 14:18 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-12-18 21:22 - 2013-12-18 21:22 - 00000664 ____C C:\Users\max\Desktop\Filme_Michael_Caine.txt
2013-12-15 13:03 - 2013-12-15 13:03 - 00368343 ____C C:\Users\max\AppData\Local\recently-used.xbel
2013-12-14 08:53 - 2013-12-14 08:53 - 00000000 ___DC C:\Users\max\AppData\Roaming\AVAST Software
2013-12-13 21:10 - 2013-12-13 21:10 - 00000000 ___DC C:\ProgramData\AVAST Software
2013-12-11 20:11 - 2013-12-11 20:11 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-11 20:11 - 2013-12-11 20:11 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-11 20:11 - 2013-12-11 20:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-11 20:11 - 2013-12-11 20:11 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-11 20:09 - 2013-12-11 20:09 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-11 20:09 - 2013-12-11 20:09 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-11 20:09 - 2013-12-11 20:09 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-11 18:51 - 2013-12-12 08:12 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 08:16 - 2013-12-11 08:16 - 00002768 ____C C:\windows\System32\Tasks\CCleanerSkipUAC
2013-12-11 08:16 - 2013-12-11 08:16 - 00000827 ____C C:\Users\Public\Desktop\CCleaner.lnk
2013-12-11 08:16 - 2013-12-11 08:16 - 00000000 ___DC C:\Program Files\CCleaner
2013-12-11 08:04 - 2013-12-11 20:10 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 08:04 - 2013-12-11 20:10 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 08:04 - 2013-12-11 20:10 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 08:04 - 2013-12-11 20:10 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 08:04 - 2013-12-11 20:10 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 08:04 - 2013-12-11 20:09 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 08:04 - 2013-12-11 20:09 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 08:04 - 2013-12-11 20:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-11 08:04 - 2013-12-11 20:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 08:04 - 2013-12-11 20:08 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 08:04 - 2013-12-11 20:08 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 08:04 - 2013-12-11 20:08 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 08:04 - 2013-12-11 20:08 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 08:04 - 2013-12-11 20:08 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 08:04 - 2013-12-11 20:08 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-11 08:04 - 2013-12-11 20:08 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-11 08:04 - 2013-12-11 20:08 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-11 08:04 - 2013-10-04 03:16 - 00116736 ____C (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-11 08:04 - 2013-10-04 02:36 - 00230400 ____C (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-10 21:33 - 2013-12-10 21:33 - 09272200 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2013-12-26 18:10 - 2013-12-26 18:10 - 00019066 ____C C:\Users\max\Downloads\FRST.txt
2013-12-26 18:10 - 2013-12-26 18:10 - 00000000 ___DC C:\Users\max\Downloads\FRST-OlderVersion
2013-12-26 18:10 - 2013-12-22 22:36 - 00000000 ___DC C:\FRST
2013-12-26 18:10 - 2013-12-22 22:35 - 01928716 ____C (Farbar) C:\Users\max\Downloads\FRST64.exe
2013-12-26 18:05 - 2013-12-26 18:05 - 00001699 ____C C:\Users\max\Desktop\JRT.txt
2013-12-26 18:01 - 2010-02-10 00:33 - 00654400 ____C C:\windows\system32\perfh007.dat
2013-12-26 18:01 - 2010-02-10 00:33 - 00130240 ____C C:\windows\system32\perfc007.dat
2013-12-26 18:01 - 2009-07-14 06:13 - 01498742 ____C C:\windows\system32\PerfStringBackup.INI
2013-12-26 18:01 - 2009-07-14 05:45 - 00013936 ___HC C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 18:01 - 2009-07-14 05:45 - 00013936 ___HC C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 17:58 - 2013-12-26 17:58 - 00000000 ___DC C:\windows\ERUNT
2013-12-26 17:57 - 2011-07-23 15:05 - 00001104 ____C C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-26 17:56 - 2013-12-26 17:56 - 01034531 ____C (Thisisu) C:\Users\max\Downloads\JRT.exe
2013-12-26 17:54 - 2013-12-26 17:54 - 00016286 ____C C:\Users\max\Desktop\AdwCleaner[S0].txt
2013-12-26 17:53 - 2013-12-26 17:53 - 00000000 __RDC C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-12-26 17:52 - 2013-12-26 17:42 - 00000112 ____C C:\windows\setupact.log
2013-12-26 17:52 - 2011-07-23 15:05 - 00001100 ____C C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-26 17:52 - 2009-07-14 06:08 - 00000006 ___HC C:\windows\Tasks\SA.DAT
2013-12-26 17:51 - 2010-02-09 06:58 - 01931742 ____C C:\windows\WindowsUpdate.log
2013-12-26 17:50 - 2013-12-26 17:48 - 00000000 ___DC C:\AdwCleaner
2013-12-26 17:47 - 2013-12-26 17:47 - 01233962 ____C C:\Users\max\Downloads\adwcleaner.exe
2013-12-26 17:45 - 2012-07-10 13:58 - 00004184 ____C C:\windows\System32\Tasks\avast! Emergency Update
2013-12-26 17:42 - 2013-12-26 17:42 - 00001504 ____C C:\windows\PFRO.log
2013-12-26 17:42 - 2013-12-26 17:42 - 00000000 ____C C:\windows\setuperr.log
2013-12-26 17:33 - 2012-04-15 06:51 - 00000884 ____C C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-26 17:30 - 2013-12-26 17:30 - 00001118 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-26 17:30 - 2013-12-26 17:30 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 17:28 - 2013-12-26 17:28 - 10285040 ____C (Malwarebytes Corporation ) C:\Users\max\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-26 17:26 - 2013-12-26 17:26 - 00021994 ____C C:\Users\max\Desktop\Anleitung-Scans.odt
2013-12-26 13:58 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2013-12-26 12:43 - 2010-02-09 07:26 - 00000000 ___DC C:\Program Files (x86)\Google
2013-12-25 20:29 - 2013-09-28 09:15 - 00000000 ___DC C:\Users\max\AppData\Roaming\vlc
2013-12-25 20:22 - 2010-04-26 13:11 - 00000000 ___DC C:\Users\max\AppData\Roaming\dvdcss
2013-12-25 17:32 - 2013-12-25 17:32 - 00030096 ____C C:\ComboFix.txt
2013-12-25 17:32 - 2013-12-25 17:22 - 00000000 ___DC C:\Qoobox
2013-12-25 17:31 - 2013-12-25 17:22 - 00000000 ___DC C:\windows\erdnt
2013-12-25 17:30 - 2009-07-14 03:34 - 00000215 ____C C:\windows\system.ini
2013-12-25 17:18 - 2013-12-25 17:18 - 05158070 ___RC (Swearware) C:\Users\max\Downloads\ComboFix.exe
2013-12-25 17:16 - 2010-11-17 17:46 - 00000000 ___DC C:\Users\max\AppData\Roaming\GetRightToGo
2013-12-25 17:12 - 2013-12-25 17:12 - 00368256 ____C (RegNow.com) C:\Users\max\Downloads\Download_MaxSDDMnew.exe
2013-12-25 17:11 - 2013-12-25 16:57 - 00030919 ____C C:\Users\max\Desktop\combofix-anleitung.odt
2013-12-25 15:05 - 2010-04-14 07:51 - 00000000 ___DC C:\windows\Minidump
2013-12-23 09:13 - 2009-07-14 06:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-12-22 22:41 - 2013-12-22 22:41 - 00377856 ____C C:\Users\max\Downloads\gmer_2.1.19163.exe
2013-12-22 22:34 - 2013-12-22 22:34 - 00000000 ____C C:\Users\max\defogger_reenable
2013-12-22 22:34 - 2010-04-06 09:07 - 00000000 ___DC C:\Users\max
2013-12-22 22:33 - 2013-12-22 22:33 - 00050477 ____C C:\Users\max\Downloads\Defogger.exe
2013-12-22 16:16 - 2013-12-22 16:16 - 04379048 ____C (Piriform Ltd) C:\Users\max\Downloads\ccsetup407.exe
2013-12-21 09:19 - 2012-04-26 06:39 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 14:18 - 2013-12-20 14:17 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-12-19 22:08 - 2013-09-23 08:34 - 00000700 ____C C:\Users\max\Desktop\Film-Tips.txt
2013-12-18 21:22 - 2013-12-18 21:22 - 00000664 ____C C:\Users\max\Desktop\Filme_Michael_Caine.txt
2013-12-15 19:23 - 2013-08-01 21:03 - 00000000 ___DC C:\windows\system32\MRT
2013-12-15 19:22 - 2010-04-10 07:27 - 90708896 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-15 16:52 - 2013-06-19 12:32 - 00000000 ___DC C:\Users\max\.gimp-2.8
2013-12-15 13:03 - 2013-12-15 13:03 - 00368343 ____C C:\Users\max\AppData\Local\recently-used.xbel
2013-12-14 08:53 - 2013-12-14 08:53 - 00000000 ___DC C:\Users\max\AppData\Roaming\AVAST Software
2013-12-13 21:11 - 2013-03-19 16:22 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-12-13 21:11 - 2013-03-19 16:22 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-12-13 21:11 - 2012-02-26 13:20 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-12-13 21:11 - 2011-05-27 09:09 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-12-13 21:11 - 2011-01-21 12:45 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-12-13 21:11 - 2011-01-21 12:45 - 00043152 ____C (AVAST Software) C:\windows\avastSS.scr
2013-12-13 21:11 - 2010-04-22 05:41 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-12-13 21:11 - 2010-04-22 05:41 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-12-13 21:11 - 2010-04-22 05:41 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-12-13 21:11 - 2010-04-22 05:41 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-12-13 21:11 - 2010-04-22 05:41 - 00001982 ____C C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-13 21:10 - 2013-12-13 21:10 - 00000000 ___DC C:\ProgramData\AVAST Software
2013-12-13 21:10 - 2010-04-22 05:41 - 00000000 ____C C:\windows\SysWOW64\config.nt
2013-12-12 08:12 - 2013-12-11 18:51 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-12-12 08:01 - 2009-07-14 06:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-12 07:59 - 2009-07-14 05:45 - 00486968 ____C C:\windows\system32\FNTCACHE.DAT
2013-12-11 20:11 - 2013-12-11 20:11 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-11 20:11 - 2013-12-11 20:11 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-11 20:11 - 2013-12-11 20:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-11 20:11 - 2013-12-11 20:11 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-11 20:10 - 2013-12-11 08:04 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 20:10 - 2013-12-11 08:04 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 20:10 - 2013-12-11 08:04 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 20:10 - 2013-12-11 08:04 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 20:10 - 2013-12-11 08:04 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 20:10 - 2010-04-06 09:15 - 00000000 ___DC C:\ProgramData\Microsoft Help
2013-12-11 20:09 - 2013-12-11 20:09 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-11 20:09 - 2013-12-11 20:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-11 20:09 - 2013-12-11 20:09 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-11 20:09 - 2013-12-11 20:09 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-11 20:09 - 2013-12-11 20:09 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-11 20:09 - 2013-12-11 20:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-11 20:09 - 2013-12-11 20:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-11 20:09 - 2013-12-11 08:04 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 20:09 - 2013-12-11 08:04 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 20:09 - 2013-12-11 08:04 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-11 20:09 - 2013-12-11 08:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 20:08 - 2013-12-11 08:04 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 20:08 - 2013-12-11 08:04 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 20:08 - 2013-12-11 08:04 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 20:08 - 2013-12-11 08:04 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 20:08 - 2013-12-11 08:04 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 20:08 - 2013-12-11 08:04 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-11 20:08 - 2013-12-11 08:04 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-11 20:08 - 2013-12-11 08:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-11 10:00 - 2013-10-25 05:43 - 00001716 ____C C:\Users\max\Desktop\Oberstdorf-Reisetips.txt
2013-12-11 08:16 - 2013-12-11 08:16 - 00002768 ____C C:\windows\System32\Tasks\CCleanerSkipUAC
2013-12-11 08:16 - 2013-12-11 08:16 - 00000827 ____C C:\Users\Public\Desktop\CCleaner.lnk
2013-12-11 08:16 - 2013-12-11 08:16 - 00000000 ___DC C:\Program Files\CCleaner
2013-12-10 21:33 - 2013-12-10 21:33 - 09272200 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-10 21:33 - 2012-04-15 06:51 - 00692616 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 21:33 - 2012-04-15 06:51 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 21:33 - 2011-10-07 17:41 - 00071048 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-09 20:02 - 2013-10-22 08:13 - 00002831 ____C C:\Users\max\Desktop\Fahrplan-Romantische_Schiene_EM_Noerdlingen.txt
2013-12-02 20:52 - 2011-07-23 15:05 - 00004100 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-02 20:52 - 2011-07-23 15:05 - 00003848 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\max\AppData\Local\Temp\Quarantine.exe
C:\Users\max\AppData\Local\Temp\setup{D161B9EA-95DE-44A6-BAC5-4B0B62053A68}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5
is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-26 13:50 ==================== End Of Log ============================ --- --- --- |
27.12.2013, 16:39 | #7 |
/// the machine /// TB-Ausbilder | Please download TFC (by OldTimer) and save the file to your desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will request a restart; please allow this. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instructions from a helper.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
27.12.2013, 21:41 | #8 |
| Thanks for the instructions, schrauber. I ran TFC first. No restart was requested. Then mbar.exe for the first time. 1 malware detection. Then a restart. After the restart I got a message during boot that the C:\ file system had to be scanned because of an error. And the monitor resolution is wrong: the icons are too large and stretched horizontally, and the font is too large. I'd be glad if you could give me a tip on how to fix that. The 2nd scan with mbar.exe found nothing more. Here are the log files: Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
max :: MAX-PC [administrator]

27.12.2013 19:47:11
mbar-log-2013-12-27 (19-47-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 252449
Time elapsed: 12 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\nvlddmkm.sys (Unknown.Rootkit.Driver) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
max :: MAX-PC [administrator]

27.12.2013 20:08:45
mbar-log-2013-12-27 (20-08-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 253331
Time elapsed: 13 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
The monitor resolution also stayed wrong and cannot be changed to anything else. I then tried to start a system restore, but that isn't possible. Message: 'Der Datenträger "Local (c: )" enthält Fehler. Es wurde festgestellt, daß das Dateisystem auf Local (C: ) beschädigt ist. Sie müssen den Datenträger auf Fehler überprüfen, bevor die Wiederherstellung ausgeführt werden kann.' And when I clicked the 'Datenträger auf Fehler überprüfen' button, I got the message: 'Datenträger kann nicht überprüft werden, während er in Verwendung ist.' That's how things look for me at the moment. I'd be glad if there is still a way to rescue this.
---
I've taken a photo of the error message that appears during boot. Autochk supposedly cannot be found, whatever that may mean. |
28.12.2013, 18:09 | #9 |
/// the machine /// TB-Ausbilder | Press F8 while booting, as if you wanted to enter Safe Mode. Then choose Repair your computer, then Command Prompt. Then type chkdsk c: /f /r and press Enter.
|
28.12.2013, 20:26 | #10 |
| Thanks, Schrauber. Pressing F8 did nothing. I then booted from the Windows DVD and entered chkdsk there. The restart then went through without an error message, but the monitor resolution was still wrong. I then downloaded a new VGA/Nvidia driver from my notebook's manufacturer and now everything is fine again. So everything should be in order now. The setup.exe hasn't shown up again so far and hopefully never will. A heartfelt thank you! Many thanks for your time and your help! |
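Two checks this thread turns on, written up as an added example that is not part of the thread or of any of the tools mentioned: which executables have recently appeared in the user's %TEMP% (where the FRST log listed a setup{...}.exe), and whether a file a scanner wants to replace, here nvlddmkm.sys, carries a valid Authenticode signature from its vendor before the replacement is allowed. The function name Get-FileTriage and the 7-day window are my own choices; the script targets the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not code from the thread. Lists recent executables in the
# current user's %TEMP% plus the driver MBAR flagged, with signature status and
# SHA-256, so an unknown setup.exe or a "Replace on reboot" hit can be judged
# before anything is deleted. Run in an elevated PowerShell on the affected PC.

function Get-FileTriage {
    param([Parameter(Mandatory = $true)][string[]]$Path)   # function name is my own

    $sha = [System.Security.Cryptography.SHA256]::Create()
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $item = Get-Item -LiteralPath $p

        # SHA-256 via .NET so this also works on PowerShell 2.0 (no Get-FileHash there)
        $stream = [System.IO.File]::OpenRead($item.FullName)
        try {
            $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
        } finally {
            $stream.Close()
        }

        # Status is Valid, NotSigned, HashMismatch, UnknownError, ...
        # Caveat: files signed only through a catalog (.cat) report NotSigned here,
        # so NotSigned alone does not prove tampering; a Valid signature from the
        # expected vendor is the useful positive signal.
        $sig = Get-AuthenticodeSignature -FilePath $item.FullName
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        New-Object PSObject -Property @{
            Path    = $item.FullName
            Created = $item.CreationTime
            Status  = $sig.Status
            Signer  = $signer
            Sha256  = $hash
        }
    }
}

# Executables created in %TEMP% during the last 7 days (window is an assumption)
$recentTemp = @(Get-ChildItem -Path $env:TEMP -Filter *.exe |
    Where-Object { $_.CreationTime -gt (Get-Date).AddDays(-7) } |
    ForEach-Object { $_.FullName })

# The driver from the MBAR log in this thread; a vendor-signed driver should show Valid
$driver = Join-Path $env:SystemRoot 'System32\drivers\nvlddmkm.sys'

Get-FileTriage -Path ($recentTemp + @($driver)) |
    Sort-Object Created -Descending |
    Format-Table Created, Status, Signer, Sha256, Path -AutoSize
```

The SHA-256 column is what a helper would look up or compare against the vendor's package; the script deliberately reports and never deletes.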
29.12.2013, 12:37 | #11 |
/// the machine /// TB-Ausbilder | Done. If you would like to leave praise or criticism, you can do so here. The order is crucial here.
Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
|
30.12.2013, 18:16 | #12 |
| Thanks for the many useful tips. I like Secunia a lot; updating can't get any faster or easier. Avast had always kept telling me about outdated programs, but I just clicked the messages away in annoyance ... I also remembered that shortly before this ominous setup.exe, a scanner had installed itself on my laptop. The name was something with Speed, I think. Quite unexpectedly this program suddenly scanned my laptop and then suggested a list of files that I could now delete. That was too suspicious for me. I closed the program right away and uninstalled it. I thought it had got onto my laptop in a similar way to some toolbars. My outdated programs were probably the open door for it. In future I will definitely be more careful. I had already set up automatic Windows updates. I have also had NoScript and Adblock Plus for quite some time. I'll save your tips in my bookmarks. I've deleted all scan programs following your instructions. So everything is done. Many thanks again! |
31.12.2013, 14:59 | #13 |
/// the machine /// TB-Ausbilder | You're welcome.
|